DNS queries limitation by host ?
Jim Reid
jim at rfc1035.com
Mon Aug 23 12:41:09 UTC 2004
>>>>> "Ladislav" == Ladislav Vobr <lvobr at ies.etisalat.ae> writes:
Ladislav> well, and I see your reply is a very general one, have you
Ladislav> ever tried to do such a thing?
No, but I know people who *have* to do this and discussed approaches
to rate limiting with them.
Ladislav> I was talking about dynamic rate limiting
Nobody else was. The OP was talking about query rate limiting hooks
for BIND. There was no mention of dynamic rate limiting. Until you
raised this non sequitur.
Ladislav> Most of the fw/routers don't support dynamic rate
Ladislav> limiting, and many developers know it and their
Ladislav> applications implement it, since it is a must today for
Ladislav> big public environments.
This is utterly irrelevant to the original discussion. DNS service is
not an application in the same sense as an HTTP or SMTP server is an
application. The same goes for the respective protocols. And as I
already said, BIND does not have hooks for limiting inbound
queries. For DNS queries, that job is best done by a router in front of
the name server.
Ladislav> hmm, what is small for you, do you know that today
Ladislav> almost everybody has at least isdn, dsl, cable? Do you
Ladislav> know that to fill the recursive-client queue on bind is
Ladislav> a piece of cake even for an analog dial-up user? Do you
Ladislav> know, that bind doesn't even bother to log this or give
Ladislav> you a hint why and who is doing this?
<sarcasm mode>
No. What's dsl? Do you mean to say a name server needs to be
configured and tuned for the environment where it gets deployed?
Fancy that!
</sarcasm mode>